Microsoft has advised Azure users running PowerShell 7.0 or 7.1 to update in order to address a remote code execution vulnerability that was patched earlier this year.
Microsoft said that Azure users who manage Azure resources with affected versions of the PowerShell task automation solution should update to versions 7.0.6 or 7.1.3. Microsoft added that the new version should be installed “as soon as possible.” The Microsoft version of Windows PowerShell 5.1 is unaffected.
Microsoft patched the security vulnerability, which was identified as CVE-2021-26701 and was classified as high severity, in February with its Patch Tuesday updates. The issue exists because of the way text encoding is handled in .NET 5 and .NET Core.
Microsoft said in its advisory for CVE-2021-26701 that the security vulnerability has been publicly disclosed, but it has given it an exploitability rating of “exploitation less likely,” which means that “while exploit code could be created, an attacker would likely have difficulty creating the code, requiring expertise and/or sophisticated timing, and/or varied results when targeting the affected product.”
PowerShell 7.0 and 7.1 were only added to the list of vulnerable products in May, despite the fact that the advisory was published in February.